Welcome to the Piano World Piano ForumsOver 2.5 million posts about pianos, digital pianos, and all types of keyboard instruments
Join the World's Largest Community of Piano Lovers
(it's free)
It's Fun to Play the Piano ... Please Pass It On!

I was working on a customer's Boston grand, when I got a call from a client saying, "Hey, Dave, you got hacked. You'd better get on it and change your password!" The problem was that my internet was down while I was between services that required an exterior hardware upgrade. Then I got another call, saying the same thing. Then another, and another.

According to the e-mail the hacker sent out to all of my contacts, I was in England and had lost my wallet. Could you please send me $1800?

It went on all day. My wife tried to change my password from her work, but was unable to: my ISP had been sold a couple of times since I first opened the account, and I couldn't even access that setting.

I finally got home, got on the phone with ATT tech support and eventually was able to change the password for that account. I also managed to close the Yahoo account that the hacker was using to siphon off a day's worth of incoming mail, 2 years worth of sent mail, and all of my e-mail contacts.

Sorry if anyone here got spammed. Don't forget to change passwords once in a while.

Mark_C
Yikes! 10000 Post Club Member
Joined: Nov 2009
Posts: 21,550
New York

Originally Posted by Dave Stahl

....According to the e-mail the hacker sent out to all of my contacts, I was in England and had lost my wallet. Could you please send me $1800?....

Just about exactly the same thing happened yesterday with a friend of mine -- and I was one of the people who got contacted.

Here's what the e-mail said (eerily similar to yours):

Good Morning,

I'm writing this with tears in my eyes,but i really need your help at the moment,I came down here to Mallorca Spain for a short vacation,unfortunately i got mugged at the park of the hotel i staying ,everything i had on me was stolen including,cash,credit cards and cell phone....I've been to the embassy and the Police here but they're not helping issues at all,I need help to settle the bills and flying back home,I'll surely pay back as soon as we get back home.

Thanks[friend's first name]

Immediately there were suspicious things about it, like the slightly-incorrect typing, which my friend wouldn't have done quite that way, even under stress, plus the capitalization of "Police" which I thought he never would have done at all. Still, if not for all the publicity about scams like this (including the warnings that have been posted by our members here from time to time), I might not have suspected enough, and even as it was, my first instant thought was that this was real. I replied, and asked if there was a phone number where I could speak to him directly. If the person did answer with a phone number, besides making sure that the person sounded like my actual friend I would have asked some things that only he would have known. But the next e-mail just said there wasn't a phone where he could be reached, and could I please immediately wire him $2500 via Western Union.

Yeah right.

I then did what I probably should have done right away: I called my friend's home phone number in New York, and was glad when he himself picked up the phone.

Hopefully and presumably none of your contacts got fooled to the point of sending money. I would like to think I wouldn't have, even if not for the publicity and warnings I'd seen. But I might have.

I was truly grateful for the amount of phone calls I got from clients and friends. Most of them just wanted to let me know what was going on, but some of the people were really concerned and ready to send money!

Things like this cause the worst problems when people are in actual difficulty.

I could rant on this subject. But I'll summarize it as this: if you know a close family member is on vacation, and they contact you to say "HELP!!!! Call American Express's concierge service and help me find a hotel! I'll pay for it, I just need their help finding one. I'm in [this city] in [this developing country] where there's a huge international conference (which I never knew about before), every hotel is booked, no one speaks my language, the place is famous for corruption, and I've been awake for 3 days strait." Do not, under any condition, reply "why don't you try Travelocity.com?" It's a developing country, they don't use Travelocity, and the 2 hotels that are listed have been full for weeks and never bother to update their status. I tried that long ago.For those that don't know, American Express's concierge service can work wonders and find hotels or rooms that otherwise don't exist. They are also very good at conveying the critical information before a cellphone battery dies.

Good reminder Dave. Recently our church email got hacked. The hacker sent out pornographic pictures to the entire congregation!!!! Come to find out, our password had not been changed in 10 years and was a very simple word to figure out.

Folks, as our tech guy instructs us at my school, your password needs to contain the following: a capital letter, a symbol and a number. Even though most of us use the same password for everything, it's really not a good idea. We're instructed to have separate passwords for school and home, so if one get's hacked, the other is not in jeopardy. Just a few things to think about.

No, but trying a tested pw would be a logical place to start. Not paranoid at all, but we ARE talking security and hacking here. And after all, tricking people into entering information is how phisers operate.

Well, don’t have any fun with the password checker if you believe everyone is out to get you. If you have concerns about password security keep in mind these simple rules;Change your password once a month.Insure your password has all the components, upper/ lower case, special characters and numbers.The last one is keystrokes. I never type them in, but use cut/paste. This way if I have a keystroke logger the characters are not read.

On a lighter note, I have to share how ridiculous this is: at work (federal gov.), we are required to change our password every 6 months...to get into...REQUIRED local continuing education "programs".

Unbelievable! OH no, someone ELSE is trying to do my CE, yikes!leave it to the government....oh, and the requirements for the password are UNREAL. Most of us can't get in and end up on the phone with IT, wasting time.See how your tax dollars are spent?

It may not be your password that was hacked. Have you seen one of the emails? The return address is probably not yours.

What probably happened is that either your address book was hacked, which can happen if you keep it on a server like AOL, or that someone got addresses from a carelessly addressed email.

You should use CC sparingly. If you are sending a message to a large group, use BCC instead.

Absolutely. Are you sure it was your account that was hacked? Lots of times, a random address from the person who was hacked's address book is put into the "from" line to throw people off. The fact that the mail is "from" you doesn't necessarily mean you're the one who was compromised.

Whoever did this took years worth of my sent mail and e-mail contacts, leaving my "passwords" folder alone, thank goodness! They opened a bogus account that was like mine--only Yahoo instead of SBC global--and copied my signature, but putting in a non-operational phone number. I'm not sure how they could get in and do those things without getting into my account. If they didn't figure out the password, or how to bypass it, then how did they access all of these things?

You can set up a phony account, fake a signature, and harvest a bunch of email addresses from a single bulk email message. No password is necessary. If you pass on internet messages to a bunch of people, you should always use BCC, not CC.

However, you should check your computer for malware, and report the fraudulent email address to Yahoo.

You can set up a phony account, fake a signature, and harvest a bunch of email addresses from a single bulk email message. No password is necessary. If you pass on internet messages to a bunch of people, you should always use BCC, not CC.

However, you should check your computer for malware, and report the fraudulent email address to Yahoo.

I think that's what happened. The fraudulent address has been reported and removed. I needed to go a couple of levels deep in tech support for that one!